What does the WannaCry cyber hack teach us?

What does the WannaCry cyber hack teach us?

The recent cyber hack of the National Health Service (NHS) in the UK of the WannaCry ransomware cryptoworm resulted in panic and the suspension of vital health care services across England. It’s an understatement to say that this hack was more serious than most.

When the cyber-attack struck on Friday May 12, 47 trusts were affected and seven had to turn away ambulances at their A&E departments altogether. The computer virus continued to impact on services over 72 hours later with things only starting to return to normal the following Tuesday.

The ransomware program demanded a Bitcoin payment to unlock the affected computer. Bitcoin was chosen as the virtual currency is a lot harder to track than conventional currency. This attack was never intended to target specific organisations, just to wreak immense havoc rather than necessarily make the hackers rich, and wasn’t limited to the NHS and the UK, this attack was an international attack with organisations such as Telefonica, Deutsche Bahn, FedEx and LATAM Airlines infected as well as many others.

Overall, over 150 countries were affected.

The importance of cyber security is nothing new.

Newton’s third law states that for every action, there is an equal and opposite reaction, and it seems that this law also applies to technology. When a new piece of technology is created, an equal amount of time is put into trying to break it and use it against its intended users, and the internet was no exception.

Just as the net was starting to catch on in 1988, curiosity led to an inadvertent attack. Computer science student Robert T Morris was curious as to the size of the internet, so wrote a small program to log the different servers that it visited on its travels. The trouble was, bugs in his code made it scan the net very aggressively, running multiple copies of the code on every server it visited, taking up processing power, which gradually slowed the internet to a halt. It took days to clean up the infection. Mr Morris had inadvertently created the first cyber-attack on the internet.

The organisations hit are still in the clean-up phase of the most recent attack and details are still emerging as to the who’s, how’s and why’s, but it appears that some simple measures and education on cyber security and the potential outcomes of an attack would have gone a long way to stop this from happening in the first place.

How did this attack happen?

Ransomware is normally installed by opening a phishing email, which then spreads through to local networks and remote hosts that have not been updated with the latest security updates, or are running older, and no longer supported operating systems such as Windows XP or Vista.

Running an older operating system on your organisation’s machines, such as XP which hasn’t seen a security update since 2014, puts you at particularly high risk of attacks, but even updating to the most current OS doesn’t insulate you from these attacks if you do not regularly install the security updates on your machines.

Hacking is not limited to Microsoft operating systems though, recent high profile attacks on then Presidential candidate Hilary Clinton shows how precarious our internet security is. In 2012, 68 million Dropbox users were hacked in a security breach brought about by an employee of Dropbox using the same password for his work account that he had for a personal account. Simple everyday mistakes like this can have global consequences.

What measures should you be taking to prevent hacks?

As I have said, ensuring that all security updates are installed as soon as they are available, as well as running supported operating systems is a good start to preventing these attacks from affecting you, but this is only the start, the biggest thing that you can do to help prevent these attacks is use your common sense. Our head of IT & Security Andrew Watts has the following advice.

“If you receive an email from an address or user that you don’t know, then be sceptical. If an email doesn’t look right, it most probably isn’t, just delete it, do not forward it onto anyone even your IT team, this is only passing the problem on and potentially propagating it.

Hovering over any link you receive in your emails should highlight the URL that you will be directed to, if it seems suspicious or not what you were expecting to see, then do not click it.
Simple measures like this will go a long way to stop you from falling into the attackers traps.

If all of this has made you concerned about the confidential information that you have relating to your organisation, then that is a good thing in my eyes. Vigilance and knowledge is the only way to combat these attacks. Security is everyone’s responsibility.”

How secure is my organisation’s information?

Storing highly sensitive and confidential documents on your local system or in your emails is a recipe for disaster. Email hacking of large companies is increasing 40% year on year, yet 76% of managers use emails to send and store secure meeting documents. Sending physical documents is even more fraught with risk.

Using a secure solution for your board documents that encrypts your data like BoardPacks to send and store documents helps to eliminate that risk. With BoardPacks, you have the choice of using your company’s secure Microsoft SharePoint site to host our solution or you can choose to have your data hosted in our data centre, which is not only ISO 27001 compliant, the highest standard possible, but it is also literally bomb proof. It is located in a former nuclear bunker.

With entity management, it is even more important that the data is secure, with the scale and breadth of information needed to be stored growing yearly in an increasingly regulatory world. Our EntitySquared solution is another great example of how you can minimise these risks and reduce the workload needed for entity management.

Cyber security will only become more important as the amount of data produced every day grows at an exponential rate and reliance on technology to handle and manipulate this data grows. But by following the steps I have outlined above and ensuring that your company takes security seriously from the very top of your organisation downward, you are putting yourself in the best position possible to combat these threats.

posted on & filed under Corporate Issues.